** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => kilo-3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1398347
Title:
LDAP backend should do filtered query instead of getting all data and
then filtering
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
When I want to find entity (group/user) by name (using /v3/users?name=MyUser
or /v3/groups?name=MyGroup) LDAP gets all data associated to entity (for
example whole users database) and then filter it.
It should do filtering on query level in my opinion. It is very useful when
having huge LDAP catalog.
How it works now:
If I want find user with name: MyUser...
1. Keystone queries LDAP in user_tree_dn for all user_filter matching
entities
2. Filters out user (MyUser) I am looking for
How it should work:
If I want find user with name: MyUser...
1. Keystone queries LDAP in user_tree_dn for user matching both user_filter
and ({user_name_attribute}=MyUser)
{user_name_attribute} is of course from keystone.conf or
keystone.domainName.conf
This approach reduces data downloaded from LDAP and allows to have very large
users database without shrinking it down by user_filter (no always possible) or
using paging (also not always possible).
I heard that there was some effort to move filtering into query level but
status is unknown.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1398347/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
